Resources
Selected articles
Offline Autoruns Revisited - Auditing Malware Persistence
Investigating PowerShell: Command and Script Logging
Device Profiling with Windows Prefetch
What is New in Windows Application Execution?
Mo’ Shells Mo’ Problems – Web Server Log Analysis
Getting Started with Linux Memory Forensics
Computer Forensics How-To: Microsoft Log Parser
NTFS $I30 Index Attributes: Evidence of Deleted and Overwritten Files
OpenSaveMRU and LastVisitedMRU
Finding Registry Malware Persistence with RECmd
Cloud Storage Acquisition from Endpoint Devices
SANS FOR500: Windows Forensic Analysis - Updated for Windows 11 and Beyond
Power Up Memory Forensics with Memory Baseliner
Updated Windows Forensic Analysis Poster
Finding Evil WMI Event Consumers with Disk Forensics
Google Chrome Platform Notifications (LevelDB)